Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Continuous Reboot of System


  • This topic is locked This topic is locked
43 replies to this topic

#1 m3ommm

m3ommm

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 24 September 2010 - 09:59 PM

i am also having the same problem. its on windows xp pro and none of th f8 options have worked except for the one that stops it from auto restart after system failure. when i choose that option i do get a blue screen. otherwise it just keeps restarting. thanks in advance if you can help. this is my work computer so i really need to fix it. please let me know donation cost if solved. thanks

Attached Files

  • Attached File  bsod.jpg   44.42KB   10 downloads


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 PM

Posted 26 September 2010 - 01:09 AM

Hello, could you please let me know if you have an XP CD and which Service Pack is installed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 m3ommm

m3ommm
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 26 September 2010 - 11:14 AM

ok i have windows xp pro and the box says now includes service pack 2 version 2002. other disks i have are acer system disk and recovery disk. i tried putting those in but it said would completely restore the computer so i pressed cancel.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 PM

Posted 26 September 2010 - 11:43 AM

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When asked to select the Windows installation, press 1.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
Type cd servicepackfiles\i386 and press enter. Let me know if the prompt changes in c:\windows\servicepackfiles\i386> or if you get an error.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 m3ommm

m3ommm
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 26 September 2010 - 12:08 PM

whoo. thanks. im at someone elses desk so let me try looking for a pc with a cd burner. stand by!

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 PM

Posted 26 September 2010 - 12:57 PM

Okay, please take your time. smile.gif

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 m3ommm

m3ommm
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 26 September 2010 - 01:23 PM

ok after many tries i made the disk.
i put the disc in and had to press f12 to boot from cdrom
i followed the steps and now it says

c:\windows\servicepackfiles\i386>

i dont know what to do after that?

thank you!

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 PM

Posted 26 September 2010 - 01:36 PM

Very good! smile.gif

Type the following lines and press enter after each one. If at any point asked to overwrite, please say Yes.

cd c:\windows

copy c:\windows\servicepackfiles\i386\explorer.exe explorer.exe

cd system32

copy c:\windows\servicepackfiles\i386\winlogon.exe winlogon.exe

exit


Your computer will now reboot. Let me know if you can boot normally.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 m3ommm

m3ommm
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 26 September 2010 - 01:55 PM

omg wow it worked! ur amazing smile.gif
ok so now i finally see my desktop and i seem to have that really nasty virus- the one with the fake security threats- i tried pressing rkill but its not working, if i try to open my malware it wont let me, what else can i do without having to restart the computer?

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 PM

Posted 26 September 2010 - 01:58 PM

One infection down, more to go. smile.gif

I'll move this topic to the malware removal forum so we can take care of it.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by elise025, 26 September 2010 - 01:59 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 m3ommm

m3ommm
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 26 September 2010 - 02:06 PM

ok so my cmptr wont let me get online with the virus so can i save the combofix.exe at another computer and then open it at the infected computer?



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 PM

Posted 26 September 2010 - 02:34 PM

Yes, you can do that, but make sure to use Flash disinfector in order to prevent infecting another computer as well. smile.gif

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Combofix will want to install the Recovery Console, no need for that; we already have a CD and it won't let you most likely because the connection isn't working.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 m3ommm

m3ommm
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 26 September 2010 - 02:45 PM

wow that looks great when i fix my cmptr i will install that flash drive protection. for now, i did use a new flash drive then i restarted the cmptr in safe mode and was able to get combofix to run but it wasnt able to connect to the internet but its still ran and now it says scanning stage , rebooting windows..........

#14 m3ommm

m3ommm
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 26 September 2010 - 03:03 PM

ok everything is done, i have a very long text file from combofix. the internet no longer works now. how do i post the file here? should i put it on the flash drive?

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 PM

Posted 26 September 2010 - 03:07 PM

Yes, please put the log on the flashdrive and post it using another computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users